comisai 1.0.34 → 1.0.37

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (448) hide show
  1. package/node_modules/@comis/agent/dist/background/auto-background-middleware.d.ts +11 -1
  2. package/node_modules/@comis/agent/dist/background/auto-background-middleware.js +30 -4
  3. package/node_modules/@comis/agent/dist/background/background-task-manager.d.ts +22 -2
  4. package/node_modules/@comis/agent/dist/background/background-task-manager.js +88 -40
  5. package/node_modules/@comis/agent/dist/background/background-task-persistence.js +34 -4
  6. package/node_modules/@comis/agent/dist/background/background-task-types.d.ts +59 -3
  7. package/node_modules/@comis/agent/dist/background/background-task-types.js +1 -1
  8. package/node_modules/@comis/agent/dist/background/completion-dispatcher.d.ts +130 -0
  9. package/node_modules/@comis/agent/dist/background/completion-dispatcher.js +215 -0
  10. package/node_modules/@comis/agent/dist/background/completion-formatter.d.ts +39 -0
  11. package/node_modules/@comis/agent/dist/background/completion-formatter.js +77 -0
  12. package/node_modules/@comis/agent/dist/background/completion-runner.d.ts +62 -0
  13. package/node_modules/@comis/agent/dist/background/completion-runner.js +234 -0
  14. package/node_modules/@comis/agent/dist/background/index.d.ts +10 -1
  15. package/node_modules/@comis/agent/dist/background/index.js +4 -0
  16. package/node_modules/@comis/agent/dist/background/session-resolver.d.ts +85 -0
  17. package/node_modules/@comis/agent/dist/background/session-resolver.js +78 -0
  18. package/node_modules/@comis/agent/dist/bootstrap/sections/messaging-sections.js +1 -0
  19. package/node_modules/@comis/agent/dist/bootstrap/sections/tool-descriptions.js +3 -3
  20. package/node_modules/@comis/agent/dist/bootstrap/sections/tooling-sections.d.ts +30 -2
  21. package/node_modules/@comis/agent/dist/bootstrap/sections/tooling-sections.js +51 -2
  22. package/node_modules/@comis/agent/dist/bootstrap/system-prompt-assembler.d.ts +22 -0
  23. package/node_modules/@comis/agent/dist/bootstrap/system-prompt-assembler.js +2 -2
  24. package/node_modules/@comis/agent/dist/bridge/bridge-event-handlers.d.ts +1 -5
  25. package/node_modules/@comis/agent/dist/bridge/bridge-event-handlers.js +2 -14
  26. package/node_modules/@comis/agent/dist/bridge/bridge-metrics.d.ts +43 -2
  27. package/node_modules/@comis/agent/dist/bridge/bridge-metrics.js +17 -2
  28. package/node_modules/@comis/agent/dist/bridge/pi-event-bridge.d.ts +32 -23
  29. package/node_modules/@comis/agent/dist/bridge/pi-event-bridge.js +145 -62
  30. package/node_modules/@comis/agent/dist/bridge/thinking-block-hash-invariant.d.ts +6 -7
  31. package/node_modules/@comis/agent/dist/bridge/thinking-block-hash-invariant.js +24 -25
  32. package/node_modules/@comis/agent/dist/budget/cost-tracker.d.ts +1 -1
  33. package/node_modules/@comis/agent/dist/context-engine/constants.d.ts +5 -5
  34. package/node_modules/@comis/agent/dist/context-engine/constants.js +12 -12
  35. package/node_modules/@comis/agent/dist/context-engine/context-engine.js +13 -4
  36. package/node_modules/@comis/agent/dist/context-engine/dag-annotator.d.ts +1 -2
  37. package/node_modules/@comis/agent/dist/context-engine/dag-annotator.js +1 -2
  38. package/node_modules/@comis/agent/dist/context-engine/llm-compaction.js +20 -16
  39. package/node_modules/@comis/agent/dist/context-engine/rehydration.js +6 -6
  40. package/node_modules/@comis/agent/dist/context-engine/signature-replay-scrubber.d.ts +12 -12
  41. package/node_modules/@comis/agent/dist/context-engine/signature-replay-scrubber.js +36 -22
  42. package/node_modules/@comis/agent/dist/context-engine/signature-surrogate-guard.d.ts +10 -10
  43. package/node_modules/@comis/agent/dist/context-engine/signature-surrogate-guard.js +14 -14
  44. package/node_modules/@comis/agent/dist/context-engine/thinking-block-cleaner.d.ts +11 -13
  45. package/node_modules/@comis/agent/dist/context-engine/thinking-block-cleaner.js +14 -15
  46. package/node_modules/@comis/agent/dist/context-engine/types-core.d.ts +15 -0
  47. package/node_modules/@comis/agent/dist/executor/cache-break-detection.d.ts +6 -6
  48. package/node_modules/@comis/agent/dist/executor/cache-break-detection.js +8 -8
  49. package/node_modules/@comis/agent/dist/executor/capability-index-context.d.ts +72 -0
  50. package/node_modules/@comis/agent/dist/executor/capability-index-context.js +329 -0
  51. package/node_modules/@comis/agent/dist/executor/drain-helper.d.ts +122 -0
  52. package/node_modules/@comis/agent/dist/executor/drain-helper.js +173 -0
  53. package/node_modules/@comis/agent/dist/executor/error-classifier.js +2 -2
  54. package/node_modules/@comis/agent/dist/executor/executor-context-engine-setup.d.ts +16 -0
  55. package/node_modules/@comis/agent/dist/executor/executor-context-engine-setup.js +46 -5
  56. package/node_modules/@comis/agent/dist/executor/executor-post-execution.d.ts +78 -4
  57. package/node_modules/@comis/agent/dist/executor/executor-post-execution.js +150 -31
  58. package/node_modules/@comis/agent/dist/executor/executor-prompt-runner.d.ts +7 -0
  59. package/node_modules/@comis/agent/dist/executor/executor-prompt-runner.js +26 -5
  60. package/node_modules/@comis/agent/dist/executor/executor-response-filter.d.ts +7 -6
  61. package/node_modules/@comis/agent/dist/executor/executor-response-filter.js +9 -42
  62. package/node_modules/@comis/agent/dist/executor/executor-tool-assembly.d.ts +18 -1
  63. package/node_modules/@comis/agent/dist/executor/executor-tool-assembly.js +20 -18
  64. package/node_modules/@comis/agent/dist/executor/gemini-cache-injector.d.ts +2 -2
  65. package/node_modules/@comis/agent/dist/executor/gemini-cache-injector.js +4 -4
  66. package/node_modules/@comis/agent/dist/executor/jit-guide-injector.d.ts +11 -2
  67. package/node_modules/@comis/agent/dist/executor/jit-guide-injector.js +16 -2
  68. package/node_modules/@comis/agent/dist/executor/phase-filter.d.ts +2 -2
  69. package/node_modules/@comis/agent/dist/executor/phase-filter.js +5 -7
  70. package/node_modules/@comis/agent/dist/executor/pi-executor.d.ts +21 -2
  71. package/node_modules/@comis/agent/dist/executor/pi-executor.js +96 -18
  72. package/node_modules/@comis/agent/dist/executor/post-batch-continuation.js +7 -7
  73. package/node_modules/@comis/agent/dist/executor/prompt-assembly.d.ts +9 -1
  74. package/node_modules/@comis/agent/dist/executor/prompt-assembly.js +15 -1
  75. package/node_modules/@comis/agent/dist/executor/stream-wrappers/request-body-injector.d.ts +1 -1
  76. package/node_modules/@comis/agent/dist/executor/stream-wrappers/request-body-injector.js +1 -1
  77. package/node_modules/@comis/agent/dist/executor/tool-deferral.d.ts +18 -27
  78. package/node_modules/@comis/agent/dist/executor/tool-deferral.js +34 -43
  79. package/node_modules/@comis/agent/dist/index.d.ts +17 -0
  80. package/node_modules/@comis/agent/dist/index.js +32 -11
  81. package/node_modules/@comis/agent/dist/model/auth-provider.d.ts +25 -2
  82. package/node_modules/@comis/agent/dist/model/auth-provider.js +6 -0
  83. package/node_modules/@comis/agent/dist/model/compaction-model-resolver.d.ts +3 -3
  84. package/node_modules/@comis/agent/dist/model/compaction-model-resolver.js +3 -3
  85. package/node_modules/@comis/agent/dist/model/model-registry-adapter.js +1 -1
  86. package/node_modules/@comis/agent/dist/model/model-scanner.js +1 -1
  87. package/node_modules/@comis/agent/dist/model/oauth-credential-store-file.d.ts +37 -0
  88. package/node_modules/@comis/agent/dist/model/oauth-credential-store-file.js +279 -0
  89. package/node_modules/@comis/agent/dist/model/oauth-credential-store-selector.d.ts +49 -0
  90. package/node_modules/@comis/agent/dist/model/oauth-credential-store-selector.js +50 -0
  91. package/node_modules/@comis/agent/dist/model/oauth-device-code.d.ts +57 -0
  92. package/node_modules/@comis/agent/dist/model/oauth-device-code.js +302 -0
  93. package/node_modules/@comis/agent/dist/model/oauth-env.d.ts +33 -0
  94. package/node_modules/@comis/agent/dist/model/oauth-env.js +38 -0
  95. package/node_modules/@comis/agent/dist/model/oauth-errors.d.ts +41 -0
  96. package/node_modules/@comis/agent/dist/model/oauth-errors.js +88 -0
  97. package/node_modules/@comis/agent/dist/model/oauth-identity.d.ts +53 -0
  98. package/node_modules/@comis/agent/dist/model/oauth-identity.js +141 -0
  99. package/node_modules/@comis/agent/dist/model/oauth-login-runner.d.ts +99 -0
  100. package/node_modules/@comis/agent/dist/model/oauth-login-runner.js +374 -0
  101. package/node_modules/@comis/agent/dist/model/oauth-tls-preflight.d.ts +58 -0
  102. package/node_modules/@comis/agent/dist/model/oauth-tls-preflight.js +82 -0
  103. package/node_modules/@comis/agent/dist/model/oauth-token-manager.d.ts +86 -16
  104. package/node_modules/@comis/agent/dist/model/oauth-token-manager.js +961 -66
  105. package/node_modules/@comis/agent/dist/model/operation-model-defaults.d.ts +9 -4
  106. package/node_modules/@comis/agent/dist/model/operation-model-defaults.js +36 -9
  107. package/node_modules/@comis/agent/dist/model/resolve-provider-api-key.d.ts +48 -0
  108. package/node_modules/@comis/agent/dist/model/resolve-provider-api-key.js +66 -0
  109. package/node_modules/@comis/agent/dist/provider/capabilities.d.ts +5 -5
  110. package/node_modules/@comis/agent/dist/provider/capabilities.js +10 -23
  111. package/node_modules/@comis/agent/dist/safety/tool-output-safety.js +3 -3
  112. package/node_modules/@comis/agent/dist/safety/tool-retry-breaker.d.ts +11 -1
  113. package/node_modules/@comis/agent/dist/safety/tool-retry-breaker.js +19 -22
  114. package/node_modules/@comis/agent/dist/session/comis-session-manager.d.ts +17 -3
  115. package/node_modules/@comis/agent/dist/session/comis-session-manager.js +1 -1
  116. package/node_modules/@comis/agent/dist/spawn/narrative-caster.d.ts +10 -0
  117. package/node_modules/@comis/agent/dist/spawn/narrative-caster.js +5 -1
  118. package/node_modules/@comis/agent/dist/spawn/pi-mono-adapters.d.ts +1 -1
  119. package/node_modules/@comis/agent/dist/spawn/pi-mono-adapters.js +5 -5
  120. package/node_modules/@comis/agent/dist/workspace/data-env.d.ts +38 -0
  121. package/node_modules/@comis/agent/dist/workspace/data-env.js +56 -0
  122. package/node_modules/@comis/agent/dist/workspace/index.d.ts +1 -0
  123. package/node_modules/@comis/agent/dist/workspace/index.js +1 -0
  124. package/node_modules/@comis/agent/dist/workspace/templates.js +5 -1
  125. package/node_modules/@comis/agent/package.json +1 -1
  126. package/node_modules/@comis/channels/dist/email/email-adapter.js +6 -6
  127. package/node_modules/@comis/channels/dist/email/imap-lifecycle.js +7 -7
  128. package/node_modules/@comis/channels/dist/index.d.ts +1 -1
  129. package/node_modules/@comis/channels/dist/index.js +1 -1
  130. package/node_modules/@comis/channels/dist/shared/channel-manager.d.ts +9 -3
  131. package/node_modules/@comis/channels/dist/shared/deliver-to-channel.js +12 -10
  132. package/node_modules/@comis/channels/dist/shared/inbound-gate.d.ts +1 -1
  133. package/node_modules/@comis/channels/dist/shared/inbound-gate.js +22 -7
  134. package/node_modules/@comis/channels/dist/shared/inbound-pipeline.d.ts +10 -3
  135. package/node_modules/@comis/channels/dist/shared/inbound-route.d.ts +1 -1
  136. package/node_modules/@comis/channels/dist/shared/inbound-route.js +13 -2
  137. package/node_modules/@comis/channels/dist/shared/response-filter.d.ts +11 -24
  138. package/node_modules/@comis/channels/dist/shared/response-filter.js +25 -53
  139. package/node_modules/@comis/channels/dist/telegram/telegram-adapter.js +1 -1
  140. package/node_modules/@comis/channels/package.json +1 -1
  141. package/node_modules/@comis/cli/dist/cli.js +2 -0
  142. package/node_modules/@comis/cli/dist/commands/agent.d.ts +3 -3
  143. package/node_modules/@comis/cli/dist/commands/agent.js +46 -3
  144. package/node_modules/@comis/cli/dist/commands/auth.d.ts +37 -0
  145. package/node_modules/@comis/cli/dist/commands/auth.js +433 -0
  146. package/node_modules/@comis/cli/dist/commands/doctor.d.ts +4 -1
  147. package/node_modules/@comis/cli/dist/commands/doctor.js +20 -5
  148. package/node_modules/@comis/cli/dist/commands/providers.d.ts +1 -2
  149. package/node_modules/@comis/cli/dist/commands/providers.js +5 -6
  150. package/node_modules/@comis/cli/dist/doctor/checks/oauth-health.d.ts +39 -0
  151. package/node_modules/@comis/cli/dist/doctor/checks/oauth-health.js +399 -0
  152. package/node_modules/@comis/cli/dist/doctor/types.d.ts +19 -0
  153. package/node_modules/@comis/cli/dist/index.d.ts +1 -0
  154. package/node_modules/@comis/cli/dist/index.js +10 -4
  155. package/node_modules/@comis/cli/dist/output/relative-time.d.ts +23 -0
  156. package/node_modules/@comis/cli/dist/output/relative-time.js +36 -0
  157. package/node_modules/@comis/cli/dist/wizard/non-interactive.js +17 -8
  158. package/node_modules/@comis/cli/dist/wizard/steps/03-provider.js +2 -1
  159. package/node_modules/@comis/cli/dist/wizard/steps/04-credentials.js +223 -34
  160. package/node_modules/@comis/cli/dist/wizard/steps/10-write-config.js +14 -0
  161. package/node_modules/@comis/cli/dist/wizard/steps/11-daemon-start.js +3 -3
  162. package/node_modules/@comis/cli/dist/wizard/types.d.ts +7 -0
  163. package/node_modules/@comis/cli/package.json +1 -1
  164. package/node_modules/@comis/core/dist/bootstrap.d.ts +1 -1
  165. package/node_modules/@comis/core/dist/config/env-substitution.d.ts +66 -0
  166. package/node_modules/@comis/core/dist/config/env-substitution.js +115 -0
  167. package/node_modules/@comis/core/dist/config/field-metadata.js +2 -0
  168. package/node_modules/@comis/core/dist/config/immutable-keys.js +4 -1
  169. package/node_modules/@comis/core/dist/config/index.d.ts +7 -1
  170. package/node_modules/@comis/core/dist/config/index.js +4 -1
  171. package/node_modules/@comis/core/dist/config/loader.js +61 -0
  172. package/node_modules/@comis/core/dist/config/managed-sections.d.ts +3 -3
  173. package/node_modules/@comis/core/dist/config/managed-sections.js +10 -5
  174. package/node_modules/@comis/core/dist/config/schema-agent.d.ts +4 -792
  175. package/node_modules/@comis/core/dist/config/schema-agent.js +16 -1
  176. package/node_modules/@comis/core/dist/config/schema-approvals.d.ts +0 -14
  177. package/node_modules/@comis/core/dist/config/schema-auto-reply-engine.d.ts +0 -6
  178. package/node_modules/@comis/core/dist/config/schema-background-tasks.d.ts +1 -6
  179. package/node_modules/@comis/core/dist/config/schema-background-tasks.js +7 -0
  180. package/node_modules/@comis/core/dist/config/schema-browser.d.ts +0 -18
  181. package/node_modules/@comis/core/dist/config/schema-channel.d.ts +0 -158
  182. package/node_modules/@comis/core/dist/config/schema-coalescer.d.ts +0 -5
  183. package/node_modules/@comis/core/dist/config/schema-daemon.d.ts +0 -32
  184. package/node_modules/@comis/core/dist/config/schema-delivery.d.ts +1 -17
  185. package/node_modules/@comis/core/dist/config/schema-delivery.js +2 -0
  186. package/node_modules/@comis/core/dist/config/schema-documentation.d.ts +0 -12
  187. package/node_modules/@comis/core/dist/config/schema-embedding.d.ts +0 -20
  188. package/node_modules/@comis/core/dist/config/schema-envelope.d.ts +0 -15
  189. package/node_modules/@comis/core/dist/config/schema-gateway.d.ts +0 -37
  190. package/node_modules/@comis/core/dist/config/schema-gemini-cache.d.ts +0 -4
  191. package/node_modules/@comis/core/dist/config/schema-gemini-cache.js +0 -2
  192. package/node_modules/@comis/core/dist/config/schema-integrations.d.ts +0 -318
  193. package/node_modules/@comis/core/dist/config/schema-lifecycle-reactions.d.ts +0 -18
  194. package/node_modules/@comis/core/dist/config/schema-memory-review.d.ts +0 -7
  195. package/node_modules/@comis/core/dist/config/schema-memory.d.ts +0 -16
  196. package/node_modules/@comis/core/dist/config/schema-messages.d.ts +0 -8
  197. package/node_modules/@comis/core/dist/config/schema-models.d.ts +0 -15
  198. package/node_modules/@comis/core/dist/config/schema-notification.d.ts +0 -5
  199. package/node_modules/@comis/core/dist/config/schema-oauth.d.ts +18 -0
  200. package/node_modules/@comis/core/dist/config/schema-oauth.js +19 -0
  201. package/node_modules/@comis/core/dist/config/schema-observability.d.ts +0 -38
  202. package/node_modules/@comis/core/dist/config/schema-output-retention.d.ts +34 -0
  203. package/node_modules/@comis/core/dist/config/schema-output-retention.js +48 -0
  204. package/node_modules/@comis/core/dist/config/schema-plugins.d.ts +0 -8
  205. package/node_modules/@comis/core/dist/config/schema-providers.d.ts +0 -64
  206. package/node_modules/@comis/core/dist/config/schema-queue.d.ts +0 -58
  207. package/node_modules/@comis/core/dist/config/schema-response-prefix.d.ts +0 -2
  208. package/node_modules/@comis/core/dist/config/schema-retry.d.ts +0 -6
  209. package/node_modules/@comis/core/dist/config/schema-scheduler.d.ts +0 -39
  210. package/node_modules/@comis/core/dist/config/schema-secrets.d.ts +0 -3
  211. package/node_modules/@comis/core/dist/config/schema-security.d.ts +0 -18
  212. package/node_modules/@comis/core/dist/config/schema-send-policy.d.ts +0 -13
  213. package/node_modules/@comis/core/dist/config/schema-sender-trust-display.d.ts +0 -5
  214. package/node_modules/@comis/core/dist/config/schema-serializer.js +2 -0
  215. package/node_modules/@comis/core/dist/config/schema-skills.d.ts +0 -63
  216. package/node_modules/@comis/core/dist/config/schema-skills.js +3 -4
  217. package/node_modules/@comis/core/dist/config/schema-streaming.d.ts +0 -38
  218. package/node_modules/@comis/core/dist/config/schema-telegram-file-guard.d.ts +0 -3
  219. package/node_modules/@comis/core/dist/config/schema-tooling.d.ts +87 -0
  220. package/node_modules/@comis/core/dist/config/schema-tooling.js +152 -0
  221. package/node_modules/@comis/core/dist/config/schema-verbosity.d.ts +0 -12
  222. package/node_modules/@comis/core/dist/config/schema-webhooks.d.ts +0 -40
  223. package/node_modules/@comis/core/dist/config/schema.d.ts +50 -37
  224. package/node_modules/@comis/core/dist/config/schema.js +9 -0
  225. package/node_modules/@comis/core/dist/context/context.d.ts +0 -4
  226. package/node_modules/@comis/core/dist/domain/approval-request.d.ts +0 -17
  227. package/node_modules/@comis/core/dist/domain/background-task-origin.d.ts +29 -0
  228. package/node_modules/@comis/core/dist/domain/background-task-origin.js +39 -0
  229. package/node_modules/@comis/core/dist/domain/delivery-origin.d.ts +0 -5
  230. package/node_modules/@comis/core/dist/domain/execution-graph.d.ts +0 -48
  231. package/node_modules/@comis/core/dist/domain/memory-entry.d.ts +0 -3
  232. package/node_modules/@comis/core/dist/domain/model-compat.d.ts +0 -4
  233. package/node_modules/@comis/core/dist/domain/normalized-message.d.ts +0 -15
  234. package/node_modules/@comis/core/dist/domain/provider-capabilities.d.ts +0 -6
  235. package/node_modules/@comis/core/dist/domain/rich-message.d.ts +0 -14
  236. package/node_modules/@comis/core/dist/domain/subagent-context-config.d.ts +0 -22
  237. package/node_modules/@comis/core/dist/domain/subagent-context-types.d.ts +0 -8
  238. package/node_modules/@comis/core/dist/event-bus/events-agent.d.ts +31 -0
  239. package/node_modules/@comis/core/dist/event-bus/events-infra.d.ts +76 -2
  240. package/node_modules/@comis/core/dist/exports/config.d.ts +2 -2
  241. package/node_modules/@comis/core/dist/exports/config.js +3 -1
  242. package/node_modules/@comis/core/dist/exports/domain.d.ts +2 -0
  243. package/node_modules/@comis/core/dist/exports/domain.js +1 -0
  244. package/node_modules/@comis/core/dist/exports/hooks.d.ts +1 -1
  245. package/node_modules/@comis/core/dist/exports/ports.d.ts +2 -2
  246. package/node_modules/@comis/core/dist/exports/ports.js +1 -1
  247. package/node_modules/@comis/core/dist/ports/channel-plugin.d.ts +0 -13
  248. package/node_modules/@comis/core/dist/ports/delivery-queue.d.ts +23 -0
  249. package/node_modules/@comis/core/dist/ports/delivery-queue.js +2 -0
  250. package/node_modules/@comis/core/dist/ports/index.d.ts +4 -0
  251. package/node_modules/@comis/core/dist/ports/index.js +5 -0
  252. package/node_modules/@comis/core/dist/ports/no-op-tool-capability.d.ts +30 -0
  253. package/node_modules/@comis/core/dist/ports/no-op-tool-capability.js +47 -0
  254. package/node_modules/@comis/core/dist/ports/oauth-credential-store.d.ts +64 -0
  255. package/node_modules/@comis/core/dist/ports/oauth-credential-store.js +37 -0
  256. package/node_modules/@comis/core/dist/ports/tool-capability.d.ts +165 -0
  257. package/node_modules/@comis/core/dist/ports/tool-capability.js +15 -0
  258. package/node_modules/@comis/core/dist/security/audit.d.ts +0 -11
  259. package/node_modules/@comis/core/dist/tool-metadata.d.ts +41 -1
  260. package/node_modules/@comis/core/dist/tool-metadata.js +1 -1
  261. package/node_modules/@comis/core/package.json +1 -1
  262. package/node_modules/@comis/daemon/bundled-skills/skill-creator/scripts/validate-skill.py +1 -1
  263. package/node_modules/@comis/daemon/dist/daemon-types.d.ts +23 -3
  264. package/node_modules/@comis/daemon/dist/daemon.js +168 -30
  265. package/node_modules/@comis/daemon/dist/index.d.ts +2 -0
  266. package/node_modules/@comis/daemon/dist/index.js +5 -0
  267. package/node_modules/@comis/daemon/dist/observability/channel-health-logger.js +3 -3
  268. package/node_modules/@comis/daemon/dist/observability/delivery-queue-logger.js +1 -1
  269. package/node_modules/@comis/daemon/dist/rpc/agent-handlers.d.ts +22 -1
  270. package/node_modules/@comis/daemon/dist/rpc/agent-handlers.js +84 -21
  271. package/node_modules/@comis/daemon/dist/rpc/agent-inline-workspace.d.ts +1 -1
  272. package/node_modules/@comis/daemon/dist/rpc/agent-inline-workspace.js +3 -3
  273. package/node_modules/@comis/daemon/dist/rpc/builtin-provider-guard.js +2 -2
  274. package/node_modules/@comis/daemon/dist/rpc/config-handlers.d.ts +9 -1
  275. package/node_modules/@comis/daemon/dist/rpc/config-handlers.js +104 -23
  276. package/node_modules/@comis/daemon/dist/rpc/credential-resolver.d.ts +30 -1
  277. package/node_modules/@comis/daemon/dist/rpc/credential-resolver.js +74 -11
  278. package/node_modules/@comis/daemon/dist/rpc/mcp-handlers.d.ts +8 -0
  279. package/node_modules/@comis/daemon/dist/rpc/mcp-handlers.js +22 -8
  280. package/node_modules/@comis/daemon/dist/rpc/model-handlers.d.ts +1 -1
  281. package/node_modules/@comis/daemon/dist/rpc/model-handlers.js +2 -2
  282. package/node_modules/@comis/daemon/dist/rpc/provider-handlers.js +9 -12
  283. package/node_modules/@comis/daemon/dist/rpc/rpc-dispatch.d.ts +1 -0
  284. package/node_modules/@comis/daemon/dist/rpc/rpc-dispatch.js +27 -2
  285. package/node_modules/@comis/daemon/dist/setup-docker-restart-warn.js +0 -1
  286. package/node_modules/@comis/daemon/dist/sub-agent-runner.d.ts +18 -0
  287. package/node_modules/@comis/daemon/dist/sub-agent-runner.js +41 -9
  288. package/node_modules/@comis/daemon/dist/wiring/index.d.ts +4 -0
  289. package/node_modules/@comis/daemon/dist/wiring/index.js +2 -0
  290. package/node_modules/@comis/daemon/dist/wiring/oauth-preflight.d.ts +21 -0
  291. package/node_modules/@comis/daemon/dist/wiring/oauth-preflight.js +134 -0
  292. package/node_modules/@comis/daemon/dist/wiring/setup-agents.d.ts +81 -2
  293. package/node_modules/@comis/daemon/dist/wiring/setup-agents.js +164 -3
  294. package/node_modules/@comis/daemon/dist/wiring/setup-background-completion-runner.d.ts +58 -0
  295. package/node_modules/@comis/daemon/dist/wiring/setup-background-completion-runner.js +59 -0
  296. package/node_modules/@comis/daemon/dist/wiring/setup-background-tasks.d.ts +10 -3
  297. package/node_modules/@comis/daemon/dist/wiring/setup-background-tasks.js +13 -7
  298. package/node_modules/@comis/daemon/dist/wiring/setup-channels.d.ts +9 -2
  299. package/node_modules/@comis/daemon/dist/wiring/setup-channels.js +35 -10
  300. package/node_modules/@comis/daemon/dist/wiring/setup-cross-session.d.ts +20 -5
  301. package/node_modules/@comis/daemon/dist/wiring/setup-cross-session.js +21 -16
  302. package/node_modules/@comis/daemon/dist/wiring/setup-delivery.d.ts +14 -5
  303. package/node_modules/@comis/daemon/dist/wiring/setup-delivery.js +65 -20
  304. package/node_modules/@comis/daemon/dist/wiring/setup-gateway.d.ts +4 -6
  305. package/node_modules/@comis/daemon/dist/wiring/setup-gateway.js +3 -5
  306. package/node_modules/@comis/daemon/dist/wiring/setup-heartbeat.d.ts +20 -5
  307. package/node_modules/@comis/daemon/dist/wiring/setup-heartbeat.js +11 -2
  308. package/node_modules/@comis/daemon/dist/wiring/setup-output-retention.d.ts +89 -0
  309. package/node_modules/@comis/daemon/dist/wiring/setup-output-retention.js +212 -0
  310. package/node_modules/@comis/daemon/dist/wiring/setup-schedulers.js +4 -0
  311. package/node_modules/@comis/daemon/dist/wiring/setup-tools.d.ts +18 -4
  312. package/node_modules/@comis/daemon/dist/wiring/setup-tools.js +29 -10
  313. package/node_modules/@comis/daemon/dist/wiring/tool-capability-adapter.d.ts +75 -0
  314. package/node_modules/@comis/daemon/dist/wiring/tool-capability-adapter.js +253 -0
  315. package/node_modules/@comis/daemon/package.json +1 -1
  316. package/node_modules/@comis/gateway/dist/index.d.ts +2 -0
  317. package/node_modules/@comis/gateway/dist/index.js +2 -0
  318. package/node_modules/@comis/gateway/dist/oauth/oauth-callback-route.d.ts +66 -0
  319. package/node_modules/@comis/gateway/dist/oauth/oauth-callback-route.js +212 -0
  320. package/node_modules/@comis/gateway/dist/server/hono-server.d.ts +14 -0
  321. package/node_modules/@comis/gateway/dist/server/hono-server.js +10 -0
  322. package/node_modules/@comis/gateway/dist/webhook/webhook-endpoint.d.ts +0 -4
  323. package/node_modules/@comis/gateway/package.json +1 -1
  324. package/node_modules/@comis/infra/dist/logging/log-fields.d.ts +23 -0
  325. package/node_modules/@comis/infra/package.json +1 -1
  326. package/node_modules/@comis/memory/dist/compaction.d.ts +3 -5
  327. package/node_modules/@comis/memory/dist/compaction.js +2 -3
  328. package/node_modules/@comis/memory/dist/delivery-queue-adapter.d.ts +2 -2
  329. package/node_modules/@comis/memory/dist/delivery-queue-adapter.js +49 -1
  330. package/node_modules/@comis/memory/dist/index.d.ts +2 -0
  331. package/node_modules/@comis/memory/dist/index.js +3 -0
  332. package/node_modules/@comis/memory/dist/memory-api.d.ts +1 -1
  333. package/node_modules/@comis/memory/dist/memory-api.js +1 -1
  334. package/node_modules/@comis/memory/dist/oauth-profile-schema.d.ts +17 -0
  335. package/node_modules/@comis/memory/dist/oauth-profile-schema.js +33 -0
  336. package/node_modules/@comis/memory/dist/oauth-profile-store-encrypted.d.ts +27 -0
  337. package/node_modules/@comis/memory/dist/oauth-profile-store-encrypted.js +144 -0
  338. package/node_modules/@comis/memory/dist/session-store.d.ts +1 -1
  339. package/node_modules/@comis/memory/dist/session-store.js +1 -1
  340. package/node_modules/@comis/memory/dist/sqlite-secret-store.d.ts +29 -3
  341. package/node_modules/@comis/memory/dist/sqlite-secret-store.js +11 -3
  342. package/node_modules/@comis/memory/package.json +1 -1
  343. package/node_modules/@comis/scheduler/dist/cron/cron-types.d.ts +0 -42
  344. package/node_modules/@comis/scheduler/dist/execution/execution-lock.d.ts +13 -0
  345. package/node_modules/@comis/scheduler/dist/execution/execution-lock.js +1 -1
  346. package/node_modules/@comis/scheduler/dist/execution/index.d.ts +2 -0
  347. package/node_modules/@comis/scheduler/dist/execution/index.js +2 -0
  348. package/node_modules/@comis/scheduler/dist/heartbeat/agent-heartbeat-source.d.ts +29 -8
  349. package/node_modules/@comis/scheduler/dist/heartbeat/agent-heartbeat-source.js +20 -8
  350. package/node_modules/@comis/scheduler/dist/index.d.ts +2 -0
  351. package/node_modules/@comis/scheduler/dist/index.js +2 -0
  352. package/node_modules/@comis/scheduler/dist/system-events/system-event-types.d.ts +0 -3
  353. package/node_modules/@comis/scheduler/dist/tasks/task-types.d.ts +0 -17
  354. package/node_modules/@comis/scheduler/package.json +1 -1
  355. package/node_modules/@comis/shared/dist/index.d.ts +3 -0
  356. package/node_modules/@comis/shared/dist/index.js +4 -0
  357. package/node_modules/@comis/shared/dist/mcp-tool-name.d.ts +78 -0
  358. package/node_modules/@comis/shared/dist/mcp-tool-name.js +92 -0
  359. package/node_modules/@comis/shared/dist/silent-tokens.d.ts +38 -0
  360. package/node_modules/@comis/shared/dist/silent-tokens.js +51 -0
  361. package/node_modules/@comis/shared/dist/visible-delivery.d.ts +28 -0
  362. package/node_modules/@comis/shared/dist/visible-delivery.js +16 -0
  363. package/node_modules/@comis/shared/package.json +1 -1
  364. package/node_modules/@comis/skills/dist/bridge/mcp-tool-bridge.d.ts +2 -13
  365. package/node_modules/@comis/skills/dist/bridge/mcp-tool-bridge.js +3 -21
  366. package/node_modules/@comis/skills/dist/bridge/schema-validator.d.ts +38 -0
  367. package/node_modules/@comis/skills/dist/bridge/schema-validator.js +169 -0
  368. package/node_modules/@comis/skills/dist/bridge/tool-metadata-enforcement.js +12 -0
  369. package/node_modules/@comis/skills/dist/bridge/tool-metadata-registry.js +133 -3
  370. package/node_modules/@comis/skills/dist/builtin/exec-diagnostics.d.ts +32 -0
  371. package/node_modules/@comis/skills/dist/builtin/exec-diagnostics.js +127 -0
  372. package/node_modules/@comis/skills/dist/builtin/exec-security.js +38 -0
  373. package/node_modules/@comis/skills/dist/builtin/exec-tool.d.ts +55 -9
  374. package/node_modules/@comis/skills/dist/builtin/exec-tool.js +392 -19
  375. package/node_modules/@comis/skills/dist/builtin/file-tools/grep-tool.js +6 -6
  376. package/node_modules/@comis/skills/dist/builtin/install-detour.d.ts +67 -0
  377. package/node_modules/@comis/skills/dist/builtin/install-detour.js +342 -0
  378. package/node_modules/@comis/skills/dist/builtin/platform/admin-manage-factory.js +5 -5
  379. package/node_modules/@comis/skills/dist/builtin/platform/agents-manage-tool.d.ts +7 -6
  380. package/node_modules/@comis/skills/dist/builtin/platform/agents-manage-tool.js +40 -29
  381. package/node_modules/@comis/skills/dist/builtin/platform/background-tasks-tool.d.ts +4 -1
  382. package/node_modules/@comis/skills/dist/builtin/platform/background-tasks-tool.js +3 -3
  383. package/node_modules/@comis/skills/dist/builtin/platform/cron-tool.js +1 -1
  384. package/node_modules/@comis/skills/dist/builtin/platform/gateway-tool.js +6 -6
  385. package/node_modules/@comis/skills/dist/builtin/platform/mcp-manage-tool.d.ts +1 -1
  386. package/node_modules/@comis/skills/dist/builtin/platform/mcp-manage-tool.js +9 -9
  387. package/node_modules/@comis/skills/dist/builtin/platform/message-tool.js +18 -0
  388. package/node_modules/@comis/skills/dist/builtin/platform/messaging-factory.d.ts +18 -1
  389. package/node_modules/@comis/skills/dist/builtin/platform/messaging-factory.js +18 -2
  390. package/node_modules/@comis/skills/dist/builtin/platform/models-manage-tool.js +3 -3
  391. package/node_modules/@comis/skills/dist/builtin/process-registry.d.ts +14 -0
  392. package/node_modules/@comis/skills/dist/builtin/process-tool.d.ts +24 -4
  393. package/node_modules/@comis/skills/dist/builtin/process-tool.js +25 -7
  394. package/node_modules/@comis/skills/dist/builtin/sandbox/bwrap-provider.d.ts +11 -0
  395. package/node_modules/@comis/skills/dist/builtin/sandbox/bwrap-provider.js +123 -1
  396. package/node_modules/@comis/skills/dist/builtin/sandbox/detect-provider.js +40 -15
  397. package/node_modules/@comis/skills/dist/index.d.ts +4 -1
  398. package/node_modules/@comis/skills/dist/index.js +3 -1
  399. package/node_modules/@comis/skills/dist/manifest/capability-parser.d.ts +44 -0
  400. package/node_modules/@comis/skills/dist/manifest/capability-parser.js +68 -0
  401. package/node_modules/@comis/skills/dist/manifest/schema.d.ts +44 -37
  402. package/node_modules/@comis/skills/dist/manifest/schema.js +35 -0
  403. package/node_modules/@comis/skills/dist/media/ssrf-fetcher.d.ts +7 -0
  404. package/node_modules/@comis/skills/dist/media/ssrf-fetcher.js +9 -2
  405. package/node_modules/@comis/skills/dist/registry/discovery.d.ts +8 -0
  406. package/node_modules/@comis/skills/dist/registry/discovery.js +10 -3
  407. package/node_modules/@comis/skills/dist/registry/skill-registry.d.ts +45 -1
  408. package/node_modules/@comis/skills/dist/registry/skill-registry.js +70 -7
  409. package/node_modules/@comis/skills/package.json +1 -1
  410. package/node_modules/@comis/web/dist/assets/{agent-detail-71BSbSfD.js → agent-detail-q8t1NB7w.js} +1 -1
  411. package/node_modules/@comis/web/dist/assets/{agent-editor-CTSDZhwT.js → agent-editor-B46io5gv.js} +1 -1
  412. package/node_modules/@comis/web/dist/assets/{agent-list-BEhni2ea.js → agent-list-DQ6g2Rcx.js} +1 -1
  413. package/node_modules/@comis/web/dist/assets/{billing-view-DVP1IvVs.js → billing-view-IWPR8LgF.js} +1 -1
  414. package/node_modules/@comis/web/dist/assets/{channel-detail-N_YK74xC.js → channel-detail-DlNNZuuC.js} +1 -1
  415. package/node_modules/@comis/web/dist/assets/{channel-list-DRk6ZJaF.js → channel-list-DhGwxiMc.js} +1 -1
  416. package/node_modules/@comis/web/dist/assets/{chat-console-Dm-GtSf9.js → chat-console-Nv6fM3Rc.js} +1 -1
  417. package/node_modules/@comis/web/dist/assets/{config-editor-CIferYX6.js → config-editor-BYKuJF76.js} +1 -1
  418. package/node_modules/@comis/web/dist/assets/{context-dag-browser-CL84rXXM.js → context-dag-browser-ClNEtzYE.js} +1 -1
  419. package/node_modules/@comis/web/dist/assets/{context-engine-B1HOTEZv.js → context-engine-BZJ6HChd.js} +1 -1
  420. package/node_modules/@comis/web/dist/assets/{delivery-view-Y6JKYVFw.js → delivery-view-Cb7I3vGu.js} +1 -1
  421. package/node_modules/@comis/web/dist/assets/{diagnostics-view-DWV1UQjz.js → diagnostics-view-9u9Lyu5a.js} +1 -1
  422. package/node_modules/@comis/web/dist/assets/{ic-chat-message-DfSERzzg.js → ic-chat-message-BFt3cVpx.js} +1 -1
  423. package/node_modules/@comis/web/dist/assets/{ic-connection-dot-CXyhlJup.js → ic-connection-dot-y77LZ3Gu.js} +1 -1
  424. package/node_modules/@comis/web/dist/assets/{ic-tool-call-DNmwTjek.js → ic-tool-call-qt6w1NQl.js} +1 -1
  425. package/node_modules/@comis/web/dist/assets/{index-CBr0Tm9_.js → index-8Tg9oc-C.js} +2 -2
  426. package/node_modules/@comis/web/dist/assets/{mcp-management-BaH2-vox.js → mcp-management-69dtH_kY.js} +2 -2
  427. package/node_modules/@comis/web/dist/assets/{media-config-CZLshJoN.js → media-config-BdjLj5c1.js} +1 -1
  428. package/node_modules/@comis/web/dist/assets/{media-test-C9NUWgo_.js → media-test-DuPqrixi.js} +1 -1
  429. package/node_modules/@comis/web/dist/assets/{memory-inspector-D_fmTcRN.js → memory-inspector-B-Pepbq-.js} +1 -1
  430. package/node_modules/@comis/web/dist/assets/{message-center-BBFlNCZn.js → message-center-B7l0yNYY.js} +1 -1
  431. package/node_modules/@comis/web/dist/assets/{models-BytGLm99.js → models-JHFHuv5S.js} +1 -1
  432. package/node_modules/@comis/web/dist/assets/{observe-view-VXtHqaqq.js → observe-view-r8mqhy4O.js} +1 -1
  433. package/node_modules/@comis/web/dist/assets/{pipeline-builder-CfXczlfJ.js → pipeline-builder-XjkiZRcR.js} +1 -1
  434. package/node_modules/@comis/web/dist/assets/{pipeline-history-CPmXFnbe.js → pipeline-history-CZqJv_Hj.js} +1 -1
  435. package/node_modules/@comis/web/dist/assets/{pipeline-history-detail-DcueTMs9.js → pipeline-history-detail-BEFGMoDy.js} +1 -1
  436. package/node_modules/@comis/web/dist/assets/{pipeline-list-B-xG5WZh.js → pipeline-list-B6q5LvO1.js} +1 -1
  437. package/node_modules/@comis/web/dist/assets/{pipeline-monitor-pnIOYaSY.js → pipeline-monitor-BNomXjVL.js} +1 -1
  438. package/node_modules/@comis/web/dist/assets/{scheduler-BtUIFHhA.js → scheduler-BJEjcGKA.js} +1 -1
  439. package/node_modules/@comis/web/dist/assets/{security-C8mWRq2y.js → security-2G1jhBfV.js} +1 -1
  440. package/node_modules/@comis/web/dist/assets/{session-detail-DgdkO5ka.js → session-detail-DmVPzFBR.js} +1 -1
  441. package/node_modules/@comis/web/dist/assets/{session-list-DcylcfTn.js → session-list-CsqMQoHs.js} +1 -1
  442. package/node_modules/@comis/web/dist/assets/{setup-wizard-BP5yjsuL.js → setup-wizard-CAdM-gSP.js} +1 -1
  443. package/node_modules/@comis/web/dist/assets/{skills-DXt1bX8Z.js → skills-2ODqKaWr.js} +1 -1
  444. package/node_modules/@comis/web/dist/assets/{subagents-C7YbUHXY.js → subagents-BFlwfTbD.js} +1 -1
  445. package/node_modules/@comis/web/dist/assets/{workspace-manager-DP6pW4wa.js → workspace-manager--CbOx_dI.js} +1 -1
  446. package/node_modules/@comis/web/dist/index.html +1 -1
  447. package/node_modules/@comis/web/package.json +1 -1
  448. package/package.json +25 -24
@@ -0,0 +1,67 @@
1
+ /**
2
+ * Install-detour parser: detect pip/npm/pnpm/yarn install commands that
3
+ * overlap connected MCP servers or visible prompt skills.
4
+ *
5
+ * Pure parser — no IO, no per-call state beyond inputs. Returns `null` on
6
+ * parser-bail (unbalanced quotes, no install form found, no overlap detected)
7
+ * to signal "let the command run unchanged."
8
+ *
9
+ * Consumed by:
10
+ * - packages/skills/src/builtin/exec-tool.ts (mode policy gate)
11
+ * - packages/skills/src/builtin/process-tool.ts (advise-mode retroactive hint)
12
+ * - packages/skills/src/builtin/process-registry.ts (InstallDetourDecision type for ProcessSession field)
13
+ *
14
+ * Privacy invariant: the parser produces only sanitized identifiers
15
+ * (`commandDigest`, `packages[].normalizedName`, `overlaps[].sourceName`).
16
+ * Raw command text NEVER leaves this module.
17
+ *
18
+ * @module
19
+ */
20
+ import type { ToolCapabilityPort } from "@comis/core";
21
+ /**
22
+ * One overlap entry — links a parsed install package back to the connected
23
+ * MCP server or visible prompt skill that should be used instead.
24
+ *
25
+ * The 4 `reason` literals are pinned to match the closed event shape at
26
+ * `packages/core/src/event-bus/events-agent.ts:120-159`. Do NOT add new
27
+ * literals here without updating the event type in core.
28
+ */
29
+ export interface DetourOverlap {
30
+ /** Normalized package name (PEP-503 for python, lowercase + scope-preserving for npm). */
31
+ readonly packageName: string;
32
+ readonly sourceType: "mcp" | "skill";
33
+ /** Connected MCP server name OR visible prompt-skill name. Never a tool name. */
34
+ readonly sourceName: string;
35
+ /** Cluster (used by soft-stop error template; from getMcpServerHint/getSkillHint/getClusterConfig). */
36
+ readonly cluster?: string;
37
+ readonly reason: "direct-server-name" | "mcp-operator-alias" | "skill-comis-alias" | "skill-operator-alias";
38
+ }
39
+ /**
40
+ * Parser decision — returned non-null only when an install form was matched
41
+ * AND at least one overlap was detected. Returns `null` on every other path
42
+ * (parser-bail, no install form, no overlap), so callers branch via
43
+ * `if (decision !== null)` rather than checking `overlaps.length`.
44
+ */
45
+ export interface InstallDetourDecision {
46
+ readonly packageManager: "pip" | "npm" | "pnpm" | "yarn";
47
+ /** Sorted alphabetically — required for `commandDigest` stability. */
48
+ readonly packages: readonly string[];
49
+ readonly overlaps: readonly DetourOverlap[];
50
+ /** SHA-256 of `${packageManager}:${sortedPackages.join(",")}` truncated to 16 hex chars. */
51
+ readonly commandDigest: string;
52
+ }
53
+ /**
54
+ * Parse a shell command for install-detour overlap. Pure function — no IO,
55
+ * no module state, no memoization. Built fresh per call from the port's
56
+ * runtime state to avoid the skill-visibility race.
57
+ *
58
+ * Returns `null` when:
59
+ * - `splitTopLevelSegments` bails (unbalanced quotes anywhere)
60
+ * - No top-level segment matches the leading-token rule
61
+ * - The matched segment yields no parsed packages after token classification
62
+ * - `overlaps.length === 0` (no detected overlap)
63
+ *
64
+ * @param command - Raw shell command (caller passes verbatim — parser does not sanitize)
65
+ * @param port - ToolCapabilityPort (runtime view of connected servers + visible skills)
66
+ */
67
+ export declare function parseInstallDetour(command: string, port: ToolCapabilityPort): InstallDetourDecision | null;
@@ -0,0 +1,342 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ /**
3
+ * Install-detour parser: detect pip/npm/pnpm/yarn install commands that
4
+ * overlap connected MCP servers or visible prompt skills.
5
+ *
6
+ * Pure parser — no IO, no per-call state beyond inputs. Returns `null` on
7
+ * parser-bail (unbalanced quotes, no install form found, no overlap detected)
8
+ * to signal "let the command run unchanged."
9
+ *
10
+ * Consumed by:
11
+ * - packages/skills/src/builtin/exec-tool.ts (mode policy gate)
12
+ * - packages/skills/src/builtin/process-tool.ts (advise-mode retroactive hint)
13
+ * - packages/skills/src/builtin/process-registry.ts (InstallDetourDecision type for ProcessSession field)
14
+ *
15
+ * Privacy invariant: the parser produces only sanitized identifiers
16
+ * (`commandDigest`, `packages[].normalizedName`, `overlaps[].sourceName`).
17
+ * Raw command text NEVER leaves this module.
18
+ *
19
+ * @module
20
+ */
21
+ import { createHash } from "node:crypto";
22
+ import { ShellQuoteTracker } from "./exec-security.js";
23
+ // --------------------------------------------------------------------------
24
+ // Public entry point
25
+ // --------------------------------------------------------------------------
26
+ /**
27
+ * Parse a shell command for install-detour overlap. Pure function — no IO,
28
+ * no module state, no memoization. Built fresh per call from the port's
29
+ * runtime state to avoid the skill-visibility race.
30
+ *
31
+ * Returns `null` when:
32
+ * - `splitTopLevelSegments` bails (unbalanced quotes anywhere)
33
+ * - No top-level segment matches the leading-token rule
34
+ * - The matched segment yields no parsed packages after token classification
35
+ * - `overlaps.length === 0` (no detected overlap)
36
+ *
37
+ * @param command - Raw shell command (caller passes verbatim — parser does not sanitize)
38
+ * @param port - ToolCapabilityPort (runtime view of connected servers + visible skills)
39
+ */
40
+ export function parseInstallDetour(command, port) {
41
+ const segments = splitTopLevelSegments(command);
42
+ if (segments === null)
43
+ return null; // unbalanced quotes
44
+ // Try each top-level segment until one matches an install form
45
+ for (const segment of segments) {
46
+ const parsed = parseInstallSegment(segment);
47
+ if (parsed === null)
48
+ continue;
49
+ const { packageManager, rawPackages } = parsed;
50
+ // Token classification: drop URL/VCS/path/file specs; strip versions; keep registry names
51
+ const ecosystem = packageManager === "pip" ? "python" : "node";
52
+ const cleanedNames = [];
53
+ for (const tok of rawPackages) {
54
+ const cleaned = classifyPackageToken(tok, ecosystem);
55
+ if (cleaned !== null)
56
+ cleanedNames.push(cleaned);
57
+ }
58
+ if (cleanedNames.length === 0)
59
+ continue; // no install-target tokens
60
+ // Normalize names per ecosystem
61
+ const normalize = ecosystem === "python" ? normalizePythonName : normalizeNpmName;
62
+ const packages = [...new Set(cleanedNames.map(normalize))].sort();
63
+ if (packages.length === 0)
64
+ continue;
65
+ // Build alias map FRESH per call — no memoization (avoids skill-visibility race)
66
+ const { pythonAliases, npmAliases } = buildPackageAliasMap(port);
67
+ const aliasMap = ecosystem === "python" ? pythonAliases : npmAliases;
68
+ const connectedServersNorm = new Set(port.getConnectedMcpServers().map(normalize));
69
+ // Detect overlaps for each package: direct-server first, then alias-map
70
+ const overlaps = [];
71
+ for (const pkgN of packages) {
72
+ if (connectedServersNorm.has(pkgN)) {
73
+ // Find the original (un-normalized) server name for the sourceName field
74
+ const serverName = port.getConnectedMcpServers().find((s) => normalize(s) === pkgN);
75
+ if (serverName) {
76
+ const hint = port.getMcpServerHint(serverName);
77
+ overlaps.push({
78
+ packageName: pkgN,
79
+ sourceType: "mcp",
80
+ sourceName: serverName,
81
+ cluster: hint?.cluster,
82
+ reason: "direct-server-name",
83
+ });
84
+ continue;
85
+ }
86
+ }
87
+ const aliasHit = aliasMap.get(pkgN);
88
+ if (aliasHit)
89
+ overlaps.push(aliasHit);
90
+ }
91
+ if (overlaps.length === 0)
92
+ return null; // no overlap → no event → run unchanged
93
+ // First-match-wins on segments: return on the first segment producing overlap
94
+ return {
95
+ packageManager,
96
+ packages,
97
+ overlaps,
98
+ commandDigest: buildCommandDigest(packageManager, packages),
99
+ };
100
+ }
101
+ return null; // no segment matched an install form
102
+ }
103
+ // --------------------------------------------------------------------------
104
+ // Private helpers (NOT exported — internal to install-detour module)
105
+ // --------------------------------------------------------------------------
106
+ /**
107
+ * Split a command on top-level `;` `&&` `||` `|` `&` (outside quotes). Reuses
108
+ * `ShellQuoteTracker` from `exec-security.ts:21-74`. Returns `null` on
109
+ * unbalanced quotes anywhere — the parser-bail signal.
110
+ *
111
+ * Deliberately separate from `exec-security.ts:splitCommandSegments`:
112
+ * - Splits on `&` AS WELL — POSIX background-and-continue is a command terminator
113
+ * (same operator class as `;`). See exec-security.ts:184 for the canonical reference.
114
+ * - Returns `null` on unbalanced quotes (vs returning collected-so-far).
115
+ * Two helpers, no shared abstraction (KISS-consistent).
116
+ */
117
+ function splitTopLevelSegments(command) {
118
+ const tracker = new ShellQuoteTracker();
119
+ const segments = [];
120
+ let current = "";
121
+ for (let i = 0; i < command.length; i++) {
122
+ const ch = command[i];
123
+ if (!tracker.escaped && tracker.state === "NORMAL") {
124
+ // Two-char operators first
125
+ if (i + 1 < command.length) {
126
+ const two = ch + command[i + 1];
127
+ if (two === "&&" || two === "||") {
128
+ segments.push(current.trim());
129
+ current = "";
130
+ i++; // skip second char
131
+ continue;
132
+ }
133
+ }
134
+ // Single-char operators. `&` is a POSIX command terminator (background-and-continue),
135
+ // same class as `;` — see exec-security.ts:184. The two-char `&&` lookahead above
136
+ // runs first, so `&&` is never reached here.
137
+ if (ch === ";" || ch === "|" || ch === "&") {
138
+ segments.push(current.trim());
139
+ current = "";
140
+ continue;
141
+ }
142
+ }
143
+ tracker.feed(ch);
144
+ current += ch;
145
+ }
146
+ // Bail on unbalanced quotes
147
+ if (tracker.state !== "NORMAL" || tracker.escaped) {
148
+ return null;
149
+ }
150
+ segments.push(current.trim());
151
+ return segments.filter((s) => s.length > 0);
152
+ }
153
+ /**
154
+ * Identify the install form (if any) of a single top-level segment by its
155
+ * leading token. Returns the matched package manager + the raw remaining
156
+ * tokens (after the install verb) when a form is found.
157
+ *
158
+ * Leading-token rule — ONLY these forms are recognized:
159
+ * pip install …
160
+ * pip3 install …
161
+ * python -m pip install …
162
+ * python3 -m pip install …
163
+ * npm install … | npm i … | npm add …
164
+ * pnpm install … | pnpm add …
165
+ * yarn add …
166
+ *
167
+ * Quoted strings, command substitution, heredocs, and `npx`/`pwsh -c`
168
+ * fall through to the `null` branch.
169
+ */
170
+ function parseInstallSegment(segment) {
171
+ // Whitespace-tokenize the segment. We deliberately do NOT re-tokenize
172
+ // with quote-awareness here — the leading-token rule only inspects the
173
+ // first whitespace-delimited token, and shell quoting at this layer is
174
+ // already consistent (parent splitTopLevelSegments left us a balanced
175
+ // segment). This is the design's "no recursive descent" position.
176
+ const tokens = segment.split(/\s+/).filter((t) => t.length > 0);
177
+ if (tokens.length === 0)
178
+ return null;
179
+ const lead = tokens[0];
180
+ if (lead === "pip" || lead === "pip3") {
181
+ if (tokens[1] !== "install")
182
+ return null;
183
+ return { packageManager: "pip", rawPackages: tokens.slice(2) };
184
+ }
185
+ if (lead === "python" || lead === "python3") {
186
+ // python -m pip install …
187
+ if (tokens[1] !== "-m" || tokens[2] !== "pip" || tokens[3] !== "install")
188
+ return null;
189
+ return { packageManager: "pip", rawPackages: tokens.slice(4) };
190
+ }
191
+ if (lead === "npm") {
192
+ const verb = tokens[1];
193
+ if (verb !== "install" && verb !== "i" && verb !== "add")
194
+ return null;
195
+ return { packageManager: "npm", rawPackages: tokens.slice(2) };
196
+ }
197
+ if (lead === "pnpm") {
198
+ const verb = tokens[1];
199
+ if (verb !== "install" && verb !== "add")
200
+ return null;
201
+ return { packageManager: "pnpm", rawPackages: tokens.slice(2) };
202
+ }
203
+ if (lead === "yarn") {
204
+ if (tokens[1] !== "add")
205
+ return null;
206
+ return { packageManager: "yarn", rawPackages: tokens.slice(2) };
207
+ }
208
+ return null;
209
+ }
210
+ /**
211
+ * Classify one raw token from the install args:
212
+ * - Returns `null` if it's a flag (starts with `-`).
213
+ * - Returns `null` if it's URL/VCS/local-path/file spec.
214
+ * - Returns the package name with version stripped for unscoped names.
215
+ * - Preserves `@scope/name` and strips `@version` only at the SECOND `@`.
216
+ */
217
+ function classifyPackageToken(token, ecosystem) {
218
+ if (token.startsWith("-"))
219
+ return null; // flag — skip
220
+ // URL / VCS / local-path / file spec rejection
221
+ if (token.includes("://") ||
222
+ token.startsWith("git+") ||
223
+ token.startsWith("file:") ||
224
+ token.startsWith("./") ||
225
+ token.startsWith("../") ||
226
+ token.endsWith(".tar.gz") ||
227
+ token.endsWith(".whl") ||
228
+ token.endsWith(".zip")) {
229
+ return null;
230
+ }
231
+ // Scoped npm preservation: @scope/name or @scope/name@1.2.3
232
+ if (ecosystem === "node" && token.startsWith("@")) {
233
+ const slashIdx = token.indexOf("/");
234
+ if (slashIdx <= 0)
235
+ return null; // malformed @scope without name
236
+ const afterSlash = token.slice(slashIdx + 1);
237
+ const versionAt = afterSlash.indexOf("@");
238
+ const namePart = versionAt >= 0
239
+ ? afterSlash.slice(0, versionAt)
240
+ : afterSlash;
241
+ if (namePart.length === 0)
242
+ return null;
243
+ return token.slice(0, slashIdx + 1) + namePart; // "@scope/name"
244
+ }
245
+ // Unscoped: strip version specifiers from the FIRST occurrence of
246
+ // any of `==`, `>=`, `<=`, `<`, `>`, `!=`, `~=`, or `@`.
247
+ const versionRegex = /(==|>=|<=|!=|~=|<|>|@)/;
248
+ const match = token.search(versionRegex);
249
+ const namePart = match >= 0 ? token.slice(0, match) : token;
250
+ if (namePart.length === 0)
251
+ return null;
252
+ return namePart;
253
+ }
254
+ /** PEP 503 strict normalization: lowercase + collapse `-`/`_`/`.` runs to single `-`. */
255
+ function normalizePythonName(name) {
256
+ return name.toLowerCase().replace(/[-_.]+/g, "-");
257
+ }
258
+ /** npm: lowercase only; `@scope/name` preserved exactly. */
259
+ function normalizeNpmName(name) {
260
+ return name.toLowerCase();
261
+ }
262
+ /**
263
+ * SHA-256 of `${pm}:${sortedPackages.join(",")}` truncated to 16 hex chars.
264
+ * Stable, order-insensitive, distinct for distinct PMs/packages.
265
+ * Mirrors `file-state-tracker.ts:160-163` crypto pattern + the
266
+ * `SYSTEM_PROMPT_HASH_LENGTH = 16` truncation convention from
267
+ * `packages/agent/src/context-engine/constants.ts:163`.
268
+ */
269
+ function buildCommandDigest(pm, packages) {
270
+ const sorted = [...packages].sort();
271
+ return createHash("sha256")
272
+ .update(`${pm}:${sorted.join(",")}`)
273
+ .digest("hex")
274
+ .slice(0, 16);
275
+ }
276
+ /**
277
+ * Build per-call alias maps from the port's runtime view. NEVER memoize
278
+ * across calls — avoids the skill-visibility race.
279
+ *
280
+ * Two SEPARATE maps keyed by ecosystem to avoid cross-ecosystem aliasing
281
+ * collisions when an operator declares `replacesPackages: ["foo_bar"]`
282
+ * (Python normalizes to `foo-bar`; npm preserves `foo_bar`). The parser
283
+ * picks the appropriate map based on detected `packageManager`.
284
+ */
285
+ function buildPackageAliasMap(port) {
286
+ const pythonAliases = new Map();
287
+ const npmAliases = new Map();
288
+ // 1. MCP operator hints (tooling.mcp.capabilityHints[*].replacesPackages)
289
+ for (const server of port.getConnectedMcpServers()) {
290
+ const hint = port.getMcpServerHint(server);
291
+ if (!hint)
292
+ continue;
293
+ for (const pkg of hint.replacesPackages) {
294
+ const overlap = {
295
+ packageName: pkg.toLowerCase(),
296
+ sourceType: "mcp",
297
+ sourceName: server,
298
+ cluster: hint.cluster,
299
+ reason: "mcp-operator-alias",
300
+ };
301
+ const pyKey = normalizePythonName(pkg);
302
+ const npmKey = normalizeNpmName(pkg);
303
+ if (!pythonAliases.has(pyKey)) {
304
+ pythonAliases.set(pyKey, { ...overlap, packageName: pyKey });
305
+ }
306
+ if (!npmAliases.has(npmKey)) {
307
+ npmAliases.set(npmKey, { ...overlap, packageName: npmKey });
308
+ }
309
+ }
310
+ }
311
+ // 2. Skill aliases (operator hints + comis.capability — both pre-merged
312
+ // by port.getPromptSkillCapabilities()).
313
+ // Visibility filter (allowed/denied/eligibility/disableModelInvocation)
314
+ // is already applied at the port level — no re-filter here.
315
+ for (const skill of port.getPromptSkillCapabilities()) {
316
+ // Discriminate operator-alias vs comis-alias: if port.getSkillHint
317
+ // returns truthy for this skill, the operator hint is the source.
318
+ const operatorHint = port.getSkillHint(skill.name, skill.skillKey);
319
+ const reason = operatorHint
320
+ ? "skill-operator-alias"
321
+ : "skill-comis-alias";
322
+ for (const pkg of skill.replacesPackages) {
323
+ const overlap = {
324
+ packageName: pkg.toLowerCase(),
325
+ sourceType: "skill",
326
+ sourceName: skill.name,
327
+ cluster: skill.cluster,
328
+ reason,
329
+ };
330
+ const pyKey = normalizePythonName(pkg);
331
+ const npmKey = normalizeNpmName(pkg);
332
+ // first-source-wins precedence: MCP entries already in the map are not overwritten
333
+ if (!pythonAliases.has(pyKey)) {
334
+ pythonAliases.set(pyKey, { ...overlap, packageName: pyKey });
335
+ }
336
+ if (!npmAliases.has(npmKey)) {
337
+ npmAliases.set(npmKey, { ...overlap, packageName: npmKey });
338
+ }
339
+ }
340
+ }
341
+ return { pythonAliases, npmAliases };
342
+ }
@@ -19,11 +19,11 @@ import { jsonResult, readEnumParam, throwToolError, createTrustGuard, } from "./
19
19
  * `AgentToolResult` (multi-block content + typed `details`), so the factory
20
20
  * passes it through verbatim instead of re-wrapping via `jsonResult`.
21
21
  *
22
- * Used by `agents_manage.create` (260428-sw2 Layer 1) to emit a 2-text-block
23
- * tool_result: a high-attention next-step contract first, the JSON-rendered
24
- * RPC fields second. The 7 sibling admin manage tools (cron/heartbeat/
25
- * sessions/tokens/etc.) keep returning plain objects from their overrides --
26
- * they hit the `jsonResult` branch unchanged. Additive, zero-impact change.
22
+ * Used by `agents_manage.create` to emit a 2-text-block tool_result: a
23
+ * high-attention next-step contract first, the JSON-rendered RPC fields
24
+ * second. The 7 sibling admin manage tools (cron/heartbeat/sessions/tokens/
25
+ * etc.) keep returning plain objects from their overrides -- they hit the
26
+ * `jsonResult` branch unchanged. Additive, zero-impact change.
27
27
  */
28
28
  function isAgentToolResult(value) {
29
29
  return (typeof value === "object" &&
@@ -42,6 +42,7 @@ export declare const AgentsManageToolParams: Type.TObject<{
42
42
  browser: Type.TOptional<Type.TBoolean>;
43
43
  }>>;
44
44
  }>>;
45
+ oauthProfiles: Type.TOptional<Type.TRecord<"^.*$", Type.TString>>;
45
46
  }>, Type.TString]>>;
46
47
  }>;
47
48
  export interface AgentInlineWritesValue {
@@ -62,19 +63,19 @@ export interface AgentInlineWritesError {
62
63
  * of the `agents_manage.create` tool_result. The freshest, uncached surface
63
64
  * the LLM reads on every turn -- pinned here to fix the silent-termination
64
65
  * bug where TOOL_GUIDE prescriptive text gets crowded out under high
65
- * parallel-tool-call load (production session 1a8b0d91 turn 13: 9 sub-agents
66
- * created in parallel, then a 0-text 0-thinking 0-tool turn).
66
+ * parallel-tool-call load (e.g. 9 sub-agents created in parallel followed
67
+ * by a 0-text 0-thinking 0-tool turn).
67
68
  *
68
69
  * Pure string composition. No I/O, no Result<T,E> needed (per AGENTS.md
69
70
  * §2.1: Result is for fallible paths only; this is infallible).
70
71
  *
71
- * Three branches keyed on `inlineWritesResult` (260428-vyf):
72
+ * Three branches keyed on `inlineWritesResult`:
72
73
  * - BOTH written → SHORT contract: "No further setup needed — agent is
73
74
  * operationally ready". Skips the post-create write() roundtrip.
74
75
  * - PARTIAL (only one of role/identity written) → mixed contract pointing
75
76
  * only at the still-template file with a single "Next required action".
76
- * - NEITHER (or write failure / undefined) → existing 260428-sw2 2-step
77
- * contract verbatim, telling the LLM to call write() for ROLE.md.
77
+ * - NEITHER (or write failure / undefined) → existing 2-step contract
78
+ * verbatim, telling the LLM to call write() for ROLE.md.
78
79
  *
79
80
  * Case B (workspaceDir absent — defensive fallback): shorter form pinning
80
81
  * "Customize {agentId}'s workspace ROLE.md and IDENTITY.md before using."
@@ -94,7 +95,7 @@ export declare function buildCreateContract(agentId: string, workspaceDir: strin
94
95
  *
95
96
  * @param rpcCall - RPC call function for delegating to the daemon backend
96
97
  * @param logger - Required structured logger. Used to emit a per-create
97
- * INFO log pinning the next-step contract emission (260428-sw2 Layer 1).
98
+ * INFO log pinning the next-step contract emission.
98
99
  * Mirrors the gateway-tool required-logger position; no overload-with-
99
100
  * default-logger compat shim (per `feedback_no_backward_compat.md`).
100
101
  * @param approvalGate - Optional approval gate for create/delete actions
@@ -48,19 +48,19 @@ export const AgentsManageToolParams = Type.Object({
48
48
  "Default: full. Can be changed later via update action. " +
49
49
  "Alternative shape: nested workspace.profile (see `workspace` field).",
50
50
  })),
51
- // 260428-oyc: declare nested workspace shape explicitly. The LLM
52
- // sometimes emits `workspace: {profile: "specialist"}` directly
53
- // (mirroring the downstream Zod schema-agent.ts:733-738 shape).
54
- // Without this declaration, the unknown nested object slipped past
55
- // TypeBox structurally but the enum was never validated -- invalid
56
- // values would only be caught later at the Zod layer with a less
51
+ // Declare nested workspace shape explicitly. The LLM sometimes
52
+ // emits `workspace: {profile: "specialist"}` directly (mirroring
53
+ // the downstream Zod schema-agent.ts:733-738 shape). Without this
54
+ // declaration, the unknown nested object slipped past TypeBox
55
+ // structurally but the enum was never validated -- invalid values
56
+ // would only be caught later at the Zod layer with a less
57
57
  // actionable error path. Declaring it here makes both shapes
58
58
  // first-class and gates the enum at the tool-validation boundary.
59
59
  workspace: Type.Optional(Type.Object({
60
60
  profile: Type.Union([Type.Literal("full"), Type.Literal("specialist")], {
61
61
  description: "Workspace profile (alternative to flat workspace_profile). Valid: full | specialist ONLY. NO other values accepted.",
62
62
  }),
63
- // 260428-vyf L2: inline ROLE.md / IDENTITY.md content. The tool
63
+ // Inline ROLE.md / IDENTITY.md content. The tool
64
64
  // handler strips these from the config payload BEFORE the RPC
65
65
  // and forwards them as a separate top-level `inlineContent`
66
66
  // param. The daemon writes them as files (write-once side-
@@ -95,6 +95,17 @@ export const AgentsManageToolParams = Type.Object({
95
95
  browser: Type.Optional(Type.Boolean({ description: "Enable headless browser control" })),
96
96
  }, { description: "Built-in tool toggles (true=enabled, false=disabled)" })),
97
97
  }, { description: "Skills and tool configuration" })),
98
+ // Per-agent OAuth profile preference. Map of provider → profile-id
99
+ // (e.g. { "openai-codex": "openai-codex:user@example.com" }).
100
+ // The downstream Zod schema (PerAgentConfigSchema) is the
101
+ // canonical format gate via `validateProfileId`; the daemon-side
102
+ // `agents.update` handler additionally rejects unknown profile IDs
103
+ // via `OAuthCredentialStore.has()`.
104
+ oauthProfiles: Type.Optional(Type.Record(Type.String(), Type.String({
105
+ description: "<provider>:<identity> profile ID. Run `comis auth list` first to discover stored profiles.",
106
+ }), {
107
+ description: "OAuth profile preferences per provider (e.g., openai-codex). Each value must match an existing stored profile ID — the daemon rejects nonexistent IDs with a 'not found in store' error.",
108
+ })),
98
109
  }, { description: "Agent configuration for create/update actions" }),
99
110
  Type.String({
100
111
  description: "Agent configuration as a JSON string (fallback when the LLM stringifies the object). " +
@@ -110,9 +121,9 @@ const VALID_ACTIONS = ["create", "get", "update", "delete", "suspend", "resume",
110
121
  * Map flat workspace_profile param to nested workspace.profile config.
111
122
  * Mutates config in place.
112
123
  *
113
- * 260428-oyc: precedence is "flat wins" -- when both flat workspace_profile
114
- * and nested workspace.profile are present, the flat field overwrites the
115
- * nested one. This matches the existing spread semantics
124
+ * Precedence is "flat wins" -- when both flat workspace_profile and nested
125
+ * workspace.profile are present, the flat field overwrites the nested one.
126
+ * This matches the existing spread semantics
116
127
  * (`{...existing, profile}`) and keeps a single deterministic rule. When only
117
128
  * nested is present (no `workspace_profile` key), this is a no-op and the
118
129
  * nested shape flows through unchanged to the downstream Zod validator.
@@ -139,19 +150,19 @@ function mapWorkspaceProfile(config) {
139
150
  * of the `agents_manage.create` tool_result. The freshest, uncached surface
140
151
  * the LLM reads on every turn -- pinned here to fix the silent-termination
141
152
  * bug where TOOL_GUIDE prescriptive text gets crowded out under high
142
- * parallel-tool-call load (production session 1a8b0d91 turn 13: 9 sub-agents
143
- * created in parallel, then a 0-text 0-thinking 0-tool turn).
153
+ * parallel-tool-call load (e.g. 9 sub-agents created in parallel followed
154
+ * by a 0-text 0-thinking 0-tool turn).
144
155
  *
145
156
  * Pure string composition. No I/O, no Result<T,E> needed (per AGENTS.md
146
157
  * §2.1: Result is for fallible paths only; this is infallible).
147
158
  *
148
- * Three branches keyed on `inlineWritesResult` (260428-vyf):
159
+ * Three branches keyed on `inlineWritesResult`:
149
160
  * - BOTH written → SHORT contract: "No further setup needed — agent is
150
161
  * operationally ready". Skips the post-create write() roundtrip.
151
162
  * - PARTIAL (only one of role/identity written) → mixed contract pointing
152
163
  * only at the still-template file with a single "Next required action".
153
- * - NEITHER (or write failure / undefined) → existing 260428-sw2 2-step
154
- * contract verbatim, telling the LLM to call write() for ROLE.md.
164
+ * - NEITHER (or write failure / undefined) → existing 2-step contract
165
+ * verbatim, telling the LLM to call write() for ROLE.md.
155
166
  *
156
167
  * Case B (workspaceDir absent — defensive fallback): shorter form pinning
157
168
  * "Customize {agentId}'s workspace ROLE.md and IDENTITY.md before using."
@@ -179,7 +190,7 @@ export function buildCreateContract(agentId, workspaceDir, inlineWritesResult) {
179
190
  ].join("\n");
180
191
  }
181
192
  // NEITHER (no inlineContent supplied, write failure, or undefined): fall
182
- // through to the existing 260428-sw2 2-step contract verbatim.
193
+ // through to the existing 2-step contract verbatim.
183
194
  if (workspaceDir !== undefined) {
184
195
  return [
185
196
  `✓ Agent ${agentId} created at ${workspaceDir}.`,
@@ -222,7 +233,7 @@ function coerceConfig(p) {
222
233
  *
223
234
  * @param rpcCall - RPC call function for delegating to the daemon backend
224
235
  * @param logger - Required structured logger. Used to emit a per-create
225
- * INFO log pinning the next-step contract emission (260428-sw2 Layer 1).
236
+ * INFO log pinning the next-step contract emission.
226
237
  * Mirrors the gateway-tool required-logger position; no overload-with-
227
238
  * default-logger compat shim (per `feedback_no_backward_compat.md`).
228
239
  * @param approvalGate - Optional approval gate for create/delete actions
@@ -260,16 +271,16 @@ export function createAgentsManageTool(rpcCall, logger, approvalGate, callbacks)
260
271
  }
261
272
  }
262
273
  }
263
- // 260428-vyf L2 (Path A): strip workspace.role / workspace.identity
264
- // from the config payload BEFORE the RPC and forward them as a
265
- // separate top-level `inlineContent` parameter. Rationale: the
266
- // downstream Zod schema (PerAgentConfigSchema.workspace at
274
+ // Strip workspace.role / workspace.identity from the config
275
+ // payload BEFORE the RPC and forward them as a separate top-level
276
+ // `inlineContent` parameter. Rationale: the downstream Zod schema
277
+ // (PerAgentConfigSchema.workspace at
267
278
  // packages/core/src/config/schema-agent.ts) is z.strictObject —
268
279
  // unknown keys would trigger Zod `unrecognized_keys` rejection.
269
280
  // role/identity are write-once side-effects (ROLE.md / IDENTITY.md
270
281
  // file writes), NOT durable state — they MUST NOT leak into
271
- // config.yaml. Path B (extending Zod schema-agent.ts) was
272
- // rejected because it would persist them.
282
+ // config.yaml. Extending the Zod schema instead would persist
283
+ // them and was rejected.
273
284
  let inlineContent;
274
285
  if (config && typeof config === "object") {
275
286
  const ws = config.workspace;
@@ -295,11 +306,11 @@ export function createAgentsManageTool(rpcCall, logger, approvalGate, callbacks)
295
306
  const aid = agentId;
296
307
  const workspaceDir = result?.workspaceDir;
297
308
  const inlineWritesResult = result?.inlineWritesResult;
298
- // 260428-sw2 Layer 1 + 260428-vyf Layer 2: emit the next-step
299
- // contract on the freshest, uncached surface the LLM reads each
300
- // turn (the tool_result text). The contract has 3 branches keyed
301
- // on inlineWritesResult (see buildCreateContract). One structured
302
- // INFO log pins this happened.
309
+ // Emit the next-step contract on the freshest, uncached surface
310
+ // the LLM reads each turn (the tool_result text). The contract
311
+ // has 3 branches keyed on inlineWritesResult (see
312
+ // buildCreateContract). One structured INFO log pins this
313
+ // happened.
303
314
  const contractText = buildCreateContract(aid, workspaceDir, inlineWritesResult);
304
315
  // Distinguish the 3 inline-write outcomes for observability.
305
316
  // "none" — caller did not supply inlineContent
@@ -311,7 +322,7 @@ export function createAgentsManageTool(rpcCall, logger, approvalGate, callbacks)
311
322
  ? "written"
312
323
  : "failed";
313
324
  logger.info({
314
- module: "skill.agents-manage",
325
+ submodule: "skill.agents-manage",
315
326
  action: "create",
316
327
  agentId: aid,
317
328
  workspaceDir: workspaceDir ?? null,
@@ -14,13 +14,16 @@ type TaskStatus = "running" | "completed" | "failed" | "cancelled";
14
14
  /** Minimal task shape used by this tool. */
15
15
  interface TaskInfo {
16
16
  id: string;
17
- agentId: string;
18
17
  toolName: string;
19
18
  status: TaskStatus;
20
19
  startedAt: number;
21
20
  completedAt?: number;
22
21
  result?: string;
23
22
  error?: string;
23
+ /** agentId is nested under origin.agentId */
24
+ origin: {
25
+ agentId: string;
26
+ };
24
27
  }
25
28
  /** Subset of BackgroundTaskManager consumed by this tool. */
26
29
  export interface BackgroundTaskManagerLike {